27
ADVERTORIAL
The data revolution: Managing the exponential risk
It's undeniable that the world as we know it is changing at an exponential pace with the
emergence of social networks, mobile devices and new payment methods (NPM).
Conversely, it is not so much a technological revolution, but a revolution of information.
BY TYSON WIENKER
What does this 'liquid information'
mean for GRC professionals?
A 2012 KPMG governance report
identified two key areas of risks posed
by emerging technologies:
• Information data privacy and security;
• Leveraging social media and data to
shape real-time business decisions
and manage reputational risks.
Indeed, the speed and complexity of this
changing, technologically-driven business
environment has pushed governance
processes, control and risk management
to the fore as a key concern.
• Business transactions can be facilitated in
real time anywhere in the world at anytime
and by anyone, and can be monitored up
to 300,000 times faster than a year ago;
• Legacy, manual KYC/DD systems
rarely take into account the speed
with which business needs to react
to a situation to minimise risks;
• Real-time screening solutions bring
organisational risk approach and
implementation into the 21st century.
Ultimately, ongoing monitoring and
screening plays a crucial role in the
mitigation of risk for all organisations.
Technology-based platforms
with comprehensive databases
such as Lexis Diligence and Bridger
Insight XG can help aggregate the
vast majority of information needed
when verifying individuals or
corporate entities, to protect your
organisation's interests.
www.lexisnexis.com.au/grc
phone1800 772 772
email customer.relations@lexisnexis.com.au
Policing requires
power and the
ability to impose
consequences.
the Libor rigging and Barclays' AML penalties
($US455m). If we look further back in history,
the OFAC penalties sustained by Arab Bank
($US24m), ABN AMRO ($80m), Bank of New
York ($38m), Lloyds Bank ($350m), Credit Suisse
($536m), ING ($619m), JP Morgan Cha se ($88m)
and Wachovia ($160m) are a result of what litigators
euphemistically refer to as "bad facts". And we can
look at the most recent fine of $1.9b again st HSBC.
That is an impressive list of bad facts.
And then there was the cou rt application
issued in early August 2012 against the Standard
Chartered Bank seeking revocation of its banking
licence in the US for violations of sanctions laws
a nd AML/CTF requirements. Standard Cha rtered
Bank was expected to show the court why its US
dollar clearing operations should not be suspended
pending a formal licence revocation hearing, and a
civil penalty could also be forthcoming. Ultimately,
the matter settled for a generous fine of $327m.
The court application also accused the bank's
consultant, Deloitte & Touche, of knowingly
helping Sta nda rd Cha rtered circumvent the
restrictions, and it quotes a Standard Chartered
group director in London as using an expletive
to dismiss sanctions policies against Iran. This
proceeding ha s now being wholly discontinued.
Policymakers have given GRC the fu nction of
policing the behaviour of those who control or
carry out the business activities of the financial
institutions. Yet those who run the businesses have
primacy over the wishes of those who work in GRC.
Policing requires power and the ability to impose
consequences. If the local police force had no ability
to arrest offenders they detect committing crimes, or
they suspect of crimes, then our society would be a
radically different place. Society would be, in effect,
lawless because there is no policing power. Policing
requires power and consequence.
In policing behaviour, the GRC function
can only be effective if there are other positive
drivers motivating the behaviour of those in X